
SPECIAL SECTION ON ADVANCES IN VEHICULAR CLOUDS

Received March 28, 2016, accepted April 17, 2016, date of publication April 29, 2016, date of current version July 22, 2016.

Digital Object Identifier 10.1109/ACCESS.2016.2560902

Software Defined Networking With Pseudonym Systems for Secure Vehicular Clouds

XUMIN HUANG 1, RONG YU 1, (Member, IEEE), JIAWEN KANG 1, NING WANG 2, (Member, IEEE), SABITA MAHARJAN 3, (Member, IEEE), AND YAN ZHANG 3, (Senior Member, IEEE)

1 School of Automation, Guangdong University of Technology, Guangzhou 510006, China
2 Center for Communications Systems Research, University of Surrey, Surrey GU2 7XH, U.K.
3 Simula Research Laboratory, and University of Oslo, Norway

Corresponding author: Y. Zhang ([email protected]).

The work was supported in part by the National Natural Science Foundation of China under Grant 61422201, Grant 61370159, Grant U1201253, and Grant U1301255, in part by the Science and Technology Program of Guangdong Province under Grant 2015B010129001, in part by the Special-Support Project of Guangdong Province under Grant 2014TQ01X100, in part by the High Education Excellent Young Teacher Program of Guangdong Province under Grant YQ2013057, in part by the Science and Technology Program of Guangzhou through the Zhujiang New Star Program under Grant 2014J2200097, and in part by the Research Council of Norway, under Project 240079/F20.

2169-3536 2016 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information. VOLUME 4, 2016

ABSTRACT The vehicular cloud is a promising new paradigm, where vehicular networking and mobile cloud computing are elaborately integrated to enhance the quality of vehicular information services. Pseudonym is a resource for vehicles to protect their location privacy, which should be efficiently utilized to secure vehicular clouds. However, only a few existing architectures of pseudonym systems take flexibility and efficiency into consideration, thus leading to potential threats to location privacy. In this paper, we exploit software-defined networking technology to significantly extend the flexibility and programmability for pseudonym management in vehicular clouds. We propose a software-defined pseudonym system, where the distributed pseudonym pools are promptly scheduled and elastically managed in a hierarchical manner. In order to decrease the system overhead due to the cost of inter-pool communications, we leverage the two-sided matching theory to formulate and solve the pseudonym resource scheduling. We conducted extensive simulations based on the real map of San Francisco. Numerical results indicate that the proposed software-defined pseudonym system significantly improves the pseudonym resource utilization, and meanwhile, effectively enhances the vehicles’ location privacy by raising their entropy.

INDEX TERMS Software defined network, vehicular cloud, security and privacy, two-sided matching theory, pseudonym management

I. INTRODUCTION

With the rapid development of wireless communication technologies [1], [2], vehicles can utilize vehicle-to-infrastructure and vehicle-to-vehicle communications with the help of on-board devices to form vehicular networks. However, many emerging mobile applications require larger and secure storage [3] and complex computation, and bring new resource challenges to vehicular networks, e.g., vehicle platoon [4], real-time video streaming application [5]–[8] and vehicular augmented reality, social media sharing [9], [10]. To meet the growing demands of radio and computing resources, vehicular networks take the advantages of cloud computing and are evolving towards vehicular clouds. From a system-level view, idle resources in vehicles, network infrastructures (e.g., roadside unit (RSU)) and cloud infrastructures (e.g., data center) can be recruited to form a vehicular cloud system.

A typical vehicular cloud system [11] consists of three different levels as follows. 1) At the bottom level, cooperative vehicles create a vehicular cloud. 2) At the middle layer, a set of adjacent RSUs form a local cloud. 3) At the top layer, central cloud manages resources in the system. While ubiquitous wireless communication of pervasive cloud computing greatly facilitates the formation and functioning of vehicular cloud, privacy and security challenges remain to be addressed for this new domain [12], [13].

To secure vehicular clouds, we focus on pseudonym, which is an essential resource for vehicles to protect location privacy [14]. Most of the privacy protection schemes are implemented on the basis of pseudonyms, e.g., group signature, silent period, and mix-zone [14]. Vehicles should periodically change their pseudonyms to avoid being continuously tracked. Moreover, a third-party cloud service provider may pose potential threats to the vehicles because of data leakage [15]. This further highlights the importance of pseudonyms for vehicles to protect privacy in vehicular clouds. Vehicles need to possess sufficient pseudonyms to be able to frequently change for anonymity.

Moreover, with the increasing number of vehicles, pseudonym management in vehicular clouds has become a challenging problem. The drawbacks of a previous centralized approach to manage pseudonyms mainly include two aspects: a heavy computing workload for the central cloud and a big backhaul delay for the vehicles. These vulnerabilities confine the pseudonym system capacity, and also result in low utilization of pseudonyms. Consequently, the pseudonyms may not be sufficient to maintain the location privacy of the vehicles. To this end, a new pseudonym system with high flexibility and efficient pseudonym utilization is necessary. We exploit Software Defined Networking (SDN) to significantly enhance the flexibility and programmability for pseudonym management in vehicular clouds. Software defined networking is a novel technology to control the network in a logically centralized, programmable and systematic approach by decoupling the physical data plane and the abstract control plane [16]. The potential of centralized knowledge, programmability and flexibility in SDN can satisfy the requirements of vehicular clouds and simplify pseudonym management, especially when the number of vehicles is high.

In this paper, we propose a Software-Defined Pseudonym System (SDPS), where distributed pseudonym pools are deployed, quickly scheduled and elastically managed in a hierarchical manner. Besides, to decrease the system overhead due to the cost of inter-pool communications, we leverage the two-sided matching theory to formulate and solve the pseudonym resource scheduling. The main contributions of this paper are summarized as follows.

• We propose a software-defined pseudonym system with a hierarchical architecture, which leverages the SDN technology to provide flexibility and programmability for pseudonym management.

• We develop the two-sided matching theory to solve pseudonym resource scheduling problem, which matches the optimal pseudonym transmitters and receivers to decrease the system overhead due to the cost of inter-pool communications.

• Numerical results show that the proposed software-defined pseudonym system significantly improves the pseudonym resource utilization, and effectively strengthens the vehicles’ location privacy.

The rest of this paper is organized as follows. Section II presents the related work. We describe a new observation about delay on pseudonym distribution approaches in Section III. A hierarchical architecture of software-defined pseudonym system is proposed in Section IV. Section V discusses the pseudonym-allocation problem, and we introduce the two-sided matching theory to solve this problem in Section VI. Performance evaluation of our proposed scheme is provided in Section VII. Finally, Section VIII concludes this paper.

II. RELATED WORK

Recently, a few studies have investigated the combination of cloud computing and vehicular networks. The authors in [11] presented a hierarchical architecture to organize the cloud resources in a vehicular network, consisting of three layers: vehicular cloud, RSU cloud, and central cloud. In [17], the authors pointed out that the way of network service provisioning changes when integrating the mobile cloud model into vehicular networks. The Vehicular Ad hoc Networks (VANET) Cloud, a new cloud computing model for VANET as introduced in [18], consists of three layers: client layer, cloud layer and communication layer. Jiang and Du [19] proposed a new two-tier BUS-VANET that enables less delivery delay and higher delivery rate than those of the traditional VANET.

Along with the system architectures and design principles, some researchers have shown great interest in the resource allocation problem in vehicular clouds. Due to uncertainty of the vehicles’ behavior, the variation of available computation resources in vehicular clouds cannot be neglected. To address this problem, the authors in [20] proposed an optimal computation resource allocation scheme. The dynamic vehicular clouds make a decision about whether or not to locally process a service request. Then the computing resource allocation problem in a vehicular cloud is formulated as a semi-Markov decision process to maximize the total long-term reward of the vehicles. The authors in [11] focused on resource allocation and formulated the competition among virtual machines as a non-cooperative game. Similarly, RSU cloud resource management models in [21] employed SDN technology to decrease virtual machine migration, and minimize the number of service hosts and the infrastructure routing delay.

SDN has emerged as a promising approach for providing a centralized control method for global resource management in cloud computing environment. The authors in [22] combined SDN framework with cloud computing for cloud resource optimal control. A resource sharing strategy is designed with global optimum in the control plane and executed by each cloud service provider in the data plane. Chase et al. [23] exploited SDN technology to allow the flexible allocation of bandwidth coordinated with virtual machine provisioning to minimize users' costs. An optimal bandwidth provisioning and routing decision on virtualized routers are made by an SDN controller and then implemented on the physical network. Similar work on bandwidth allocation based on SDN was studied in [24] for guaranteeing quality of service. With unified network abstraction and programmability, SDN can be utilized for overcoming today's limitations in vehicular networks [25]. Through utilizing SDN framework to manage the cloud resources in vehicular clouds, a new paradigm of 5G-enabled vehicular networks was proposed in [26]. With SDN technology reconfiguring resources, an efficient RSU cloud resource management scheme aiming to minimize reconfiguration overhead was proposed in [21]. In this paper, we also consider that SDN can be used to coordinate among vehicles and allocate efficiently all kinds of resources in vehicular clouds.

Pseudonym is crucial for vehicles to protect their location privacy when forming a vehicular cloud for inter-vehicular communication [14]. Vehicles need sufficient pseudonyms to frequently change for location privacy preservation. The schemes for pseudonym distribution can be broadly categorized into two groups. I) A centralized pseudonym pool distributes pseudonyms to vehicles. In [27], each vehicle obtains 48830 pseudonyms at a time, and uses these pseudonyms over a long time (e.g., one year). II) Distributed pseudonym pools distribute pseudonyms to vehicles by distributed pseudonym pools. In [28], the vehicles periodically obtain a certain number of resource (keys or pseudonyms) from local managers.

For efficient generation and management of pseudonyms, we adopt a distributed approach in which a distributed local cloud with a pseudonym pool generates and manages pseudonyms. This approach can reduce pseudonym distribution delay and balance the computing workload in vehicular clouds. To improve pseudonym utilization efficiency and to provide flexibility on pseudonym management, we propose a new pseudonym system, SDPS, for vehicular clouds. The vehicles are mobile in both time and space, consequently causing different pseudonym demands in time and from different pseudonym pools. To address this issue, we design an efficient pseudonym scheduling and distribution scheme using the two-sided matching theory.

III. A NEW OBSERVATION ON PSEUDONYM DISTRIBUTION

In this section, we first introduce two pseudonym management approaches in detail. Furthermore, we make an observation about pseudonym distribution and find out the advantages of distributed pseudonym management approach.

A. TWO PSEUDONYM MANAGEMENT APPROACHES

In the centralized pseudonym management approach, a centralized pseudonym pool stores all pseudonyms and certificates, and distributes them to the vehicles for privacy protection. Vehicles request and obtain pseudonyms through RSUs. All the vehicles send pseudonym requests with digital signatures to nearby RSUs after encryption. The RSUs decrypt and verify the pseudonym requests, and transmit these requests to the central manager after encrypting and adding signatures of the RSUs. The central manager decrypts and verifies the signatures generated by the RSUs and the vehicles. The central manager encrypts the pseudonyms and transmits them to the RSUs. After decryption and verification, the RSUs send the pseudonyms to the vehicles.

For distributed pseudonym management, there is a local authority and a pseudonym pool in the local cloud. Vehicles request pseudonyms from the local clouds. The process of pseudonym distribution in the distributed approach is simpler. The local authorities generate and manage their pseudonyms in their own pseudonym pools. A vehicle sends an encrypted request with signature to its nearby RSU, which delivers the requests to a local authority. The local authority decrypts and verifies the request, and then distributes the encrypted pseudonyms to the vehicle. The vehicle verifies and receives the pseudonyms from the RSU. We observe that there are fewer handshake protocols and less data transmission delay in the distributed approach. Besides, for central pseudonym management approach, all the pseudonyms include corresponding public and private keys and certificates. This brings a heavy computing workload to the central cloud from pseudonyms generation to revocation. A distributed pseudonym management approach can be helpful to balance this computing workload.

B. AN EXPERIMENT ABOUT PSEUDONYM DISTRIBUTION

In this subsection, we compare the distribution delay of pseudonyms in different pseudonym management approaches. We select a map of the West University Place and Braeswood Place, Houston [29] as observation areas. Twelve RSUs are deployed in this map according to the scheme proposed in [30]. There are four local clouds in the experiment, each consisting of four adjacent RSUs. Some of the vehicles are mobile within the region of interest. We consider that the request for pseudonyms from the vehicles in different local clouds follows a Poisson process. The average key size is 1024 bits in RSA algorithm [31]. The time taken to execute basic operations in our experiment is referred from [32].

Fig. 1 shows that the distribution delay increases with the increase in average arrival rate of the vehicles that request pseudonyms. The pseudonym distribution delay in the centralized approach is higher compared to the distributed approach. Moreover, it is clear that the computing overhead of basic operations of pseudonym management (e.g., signing, encrypting and decrypting) in the centralized pseudonym management approach is higher than that in the distributed approach since there are more handshake protocols in the former. The central authority manages pseudonyms of all the vehicles, while the local authorities only manage a part of the vehicles. Therefore, the distributed approach is more efficient than the centralized approach because of smaller distribution delay and lower computation overhead.

FIGURE 1. The distribution delay comparison of distributed and centralized management.

IV. SOFTWARE-DEFINED PSEUDONYM SYSTEMS

In this section, we propose a software-defined pseudonym system, where distributed pseudonym pools are deployed, scheduled and elastically managed in a hierarchical manner.

A. SDN FOR PSEUDONYM MANAGEMENT

SDN has emerged as a novel approach to control the network in a centralized, programmable and systematic manner. The core concept of SDN is the separation between the control plane and the data plane. By decoupling these two planes, network intelligence and state can be logically centralized and the data forwarding is abstracted from applications [33]. The flexibility of SDN can be an important advantage for cloud resource allocation to meet dynamic demands, and to improve resource utilization in vehicular clouds [21].

We exploit SDN technology to increase the flexibility and programmability for pseudonym management in vehicular clouds. To deploy SDN, a communication protocol between the control plane and the data plane is required. We use the OpenFlow protocol, which is the de facto standard protocol for SDN. It consists of OpenFlow controller and OpenFlow switches. We design the pseudonym resource scheduling strategy in the control plane. Utilizing this strategy, the OpenFlow controller defines pseudonym forwarding rules for every OpenFlow switch in the pseudonym (data) plane. Some benefits of leveraging SDN in the context of pseudonym management are as follows.

• Globalization: The centralized controller obtains global knowledge about pseudonym resource, i.e., demand and consumption rates of all local clouds. With this information, an optimal resource scheduling strategy is designed to allocate the pseudonyms on demand efficiently.

• Flexibility: SDN technology brings flexibility and programmability into the vehicular clouds for pseudonym management. Pseudonyms can be flexibly managed according to the heterogeneous characteristics of vehicular networks, such as mobility, topology and capability.

• Simplicity: By decoupling the pseudonym resource controls (control plane) and pseudonym forwarding functions (data plane), SDN simplifies pseudonym management. This goal can be achieved even if the number of vehicles is high.

B. A HIERARCHICAL ARCHITECTURE FOR SDPS

Fig. 2 shows a hierarchical architecture for SDPS in vehicular clouds, which is divided into data plane and control plane. The vehicular clouds in this paper have three-layer clouds: central cloud, local cloud and vehicular cloud. There are a registration authority, a data center and an OpenFlow controller in the central cloud. The registration authority manages the digital certificates of all entities, e.g., vehicles, RSUs, OpenFlow switches, and pseudonym pools. The registration authority is in charge of monitoring the behaviors of all entities to ensure system security [27]. The data centers collect and store the status information of all local clouds. This information includes traffic flow, and the deployment information of pseudonyms, which are used to design the optimal pseudonym resource scheduling strategy. Some adjacent RSUs and a remote data center form a local cloud, including a pseudonym pool with an OpenFlow switch. A group of cooperative vehicles create a vehicular cloud to share vehicular resources.

FIGURE 2. A hierarchical architecture of SDPS in vehicular clouds.

Pseudonym is utilized in frequent vehicle-to-vehicle and vehicle-to-infrastructure communication for location privacy preservation. For example, when nearby vehicles in motion constitute a dynamic vehicular cloud, inter-vehicle communication is normally required. For location privacy preservation, the vehicles without sufficient pseudonyms send pseudonym requests to nearby RSUs. The local cloud schedules pseudonyms generated by its pseudonym pool to support the demands from vehicles. Generally, the pseudonym demands from vehicles in different local clouds may change over time. This means that there exists redundant or on-demand pseudonym resource among the local clouds.

In the SDPS, pseudonyms are generated by local pseudonym pools and transferred to other pseudonym pools in different local clouds when necessary. The pseudonyms are managed by the local clouds that distribute them. When some pseudonyms are distributed to a vehicle, these pseudonyms will be attached with signatures of the local clouds to indicate the manager. For example, a vehicle obtains some pseudonyms from the local cloud LC1. LC1 signs the pseudonyms and the vehicle may enter another local cloud, e.g., LC2. LC2 verifies the signatures of the pseudonyms to authenticate the vehicle. If the vehicle wants to request new pseudonyms from LC2, LC2 needs to inform LC1 to perform revocation of the former pseudonyms distributed to the vehicle. Then LC2 distributes new pseudonyms to the vehicle.

The OpenFlow controller collects and analyzes the global status information in vehicular clouds. To improve pseudonym utilization, the global controller makes an optimal pseudonym resource scheduling strategy, and then OpenFlow switches forward pseudonym flow. A pseudonym-flow table is designed by the controller and sent to every OpenFlow switch. OpenFlow switches receive the pseudonym-flow table, and forward the pseudonyms to vehicles or other pseudonym pools according to the flow rules. The system consists of the following SDN components.

• OpenFlow Controller: In the control plane, the OpenFlow controller is the logical central intelligence of the vehicular clouds, which controls the network behavior of the entire system. The controller designs the optimal pseudonym resource scheduling strategy and generates a detailed pseudonym-flow table for every OpenFlow switch.

• OpenFlow Switch: In the data plane, the pseudonym pools equipped with OpenFlow switches are controlled by the OpenFlow controller to perform actions. They are stationary elements of data plane, which are responsible for forwarding pseudonym flow, e.g., forwarding pseudonyms to local vehicles or other pseudonym pools.

More details about functions of data plane and control plane are shown in Fig. 3 and are described next.

• Data Plane: The pseudonym pools in local clouds generate pseudonyms at a constant rate. There is an OpenFlow switch in every pseudonym pool, and every OpenFlow switch communicates with the OpenFlow controller. According to flow rules in a pseudonym-flow table designed by the OpenFlow controller, a pseudonym pool may distribute the pseudonyms to relative RSUs to make vehicles anonymous for privacy preservation in its coverage. On the other hand, it can also transmit redundant pseudonyms to others, or receive a certain number of pseudonyms from others. Therefore, the data plane is responsible for performing pseudonym flow forwarding tasks in this system. Besides, status information about OpenFlow switches is also uploaded to the controller for checking.

• Control Plane: The OpenFlow controller in the central cloud obtains global information about all the pseudonym pools and pseudonym requests from vehicles. The OpenFlow controller makes the optimal pseudonym resource allocation strategy among pseudonym pools. A pseudonym-flow table is also designed by the controller, and then it decides how the pseudonyms are forwarded in the vehicular clouds. The format of an item in a pseudonym-flow table is shown as: | PID | From | To | Time |. Here, "PID" denotes the identification of pseudonym. "From" and "To" indicate where the pseudonym is generated from and transmitted to, respectively. "To" can be an address of an RSU or other pseudonym pools. "Time" is the timestamp of pseudonym generation. The goal of the pseudonym-flow table is to maximize the utilization of pseudonym resource by transmitting redundant pseudonyms to the pseudonym pools that fall short of pseudonyms. Due to the cost of inter-pools communication, the redundant pseudonyms should be well scheduled and transferred from pseudonym transmitters to receivers among the pseudonym pools. To efficiently match transmitters and receivers, we use two-sided matching theory to obtain the optimal result after multi-rounds matching.

FIGURE 3. Control plane and data plane in SDPS.

V. PROBLEM FORMULATION

In our model, the pseudonym pools with OpenFlow switches form a network as an undirected graph $G = G(V, E)$. The network of the pseudonym pools includes $m$ nodes (i.e., pseudonym pools) and $n$ node pairs (i.e., edges and links). The pseudonym pools in local clouds are denoted by $V = \{P_1, P_2, \ldots, P_m\}$. The set of edges $E$ represents the undirected pseudonym transmission links. The pseudonym data packets can be transmitted between two connected pseudonym pools via wired link with smaller cost. During the transmission of pseudonym data packets, the data packet loss per distance unit is $l$ [34]. Then the weights of edges are calculated by the total pseudonym transmission loss (denoted as $c$) between two connected pseudonym pools. Here, $c = l \cdot d$, where $d$ is the distance between two connected pseudonym pools. All the pseudonym pools are connected with each other. Using Dijkstra’s algorithm, the link with minimum communication cost between any two pseudonym pools can be determined. Defining a symmetric matrix $M = \mathrm{Dijkstra}(G)$ as the inter-pool minimum communication cost matrix, the element of the matrix, $m_{i,j}$ ($i \neq j$), represents the minimum communication cost between pseudonym pool $P_i$ and pseudonym pool $P_j$. To make this paper clear, we use $m(P_i, P_j)$ to replace $m_{i,j}$.

At the beginning of an observation period $t$ (i.e., a time window), a pseudonym pool $P_i$ possesses a certain amount of residual pseudonym resource $R_i^t$. Each pseudonym pool generates pseudonyms at a constant rate, $\theta_i$. The average consuming rate of pseudonym resource of $P_i$ in the following time (denoted as $\lambda_i^t$) can be estimated from the historical records by statistical methods. During time interval $T$, if $R_i^t > (\lambda_i^t - \theta_i)T$, $P_i$ has a certain amount of redundant pseudonym resource. Otherwise $P_i$ lacks pseudonym resource. Let $r_i^t$ represent the difference between the amount of required resources and the amount of actual resources as follows,

$$r(P_i) = \left| R_i^t + \theta_i T - \lambda_i^t T \right|. \tag{1}$$

$P_i$ shares idle pseudonyms with other pseudonym pools or receives pseudonyms from others. We represent the pseudonym pool offering pseudonyms to others as OP, and the pseudonym pool receiving pseudonyms from the OPs as RP.

In an SDPS, a pseudonym resource scheduling problem includes three considerations.

• 1) OPs rationally determine how many idle pseudonyms can be offered to RPs after considering both the current and future demands.

• 2) To decrease the system overhead, OPs prefer to offer their idle pseudonyms to some proper RPs with smaller inter-pool communication cost.

According to this principle, an optimal pseudonym resource allocation strategy among the pseudonym pools can be designed.

VI. SOLUTION FOR PSEUDONYM RESOURCE SCHEDULING

A. THE OPTIMAL STRATEGIES FOR OPs

OPs offer a certain amount of idle pseudonyms to others according to a predefined utility function. The utility function of an OP, $OP_i$, consists of two components: the satisfaction function and the cost function. The satisfaction function $S_i^t$ is defined as

$$S_i^t = w_i \log(1 + \rho_i^t x_i^t). \tag{2}$$

Here, $x_i^t$ ($x_i^t \ge 0$) represents the amount of pseudonym resource that $OP_i$ would like to offer to others in time period $t$. $w_i$ is the willingness of $OP_i$, which is determined by its geographical advantage in $G$. $w_i$ can be expressed by

$$w_i = \frac{k}{\sum_{j \neq i} m(P_i, P_j)}, \tag{3}$$

where $k$ is a predefined constant. The form of $w_i$ is similar to the closeness centrality in [35]. Clearly, less pseudonym transmission loss between $OP_i$ and other pseudonym pools stimulates $OP_i$ to share its idle pseudonyms. The redundant level in the current time period of $OP_i$ is denoted by

$$\rho_i^t = a\,\frac{R_i^t + \theta_i T}{\lambda_i^t T}, \tag{4}$$

where $a$ is the redundant level gain and is predefined by the preference of pseudonym pools. $OP_i$ is willing to offer more pseudonyms to others for higher utility when it possesses more idle pseudonyms. But $OP_i$ should take its demand level of the next time period (denoted as $\gamma_i^t$) into consideration when offering idle pseudonyms to others. $\gamma_i^t$ is defined as

$$\gamma_i^t = b\,\frac{\lambda_i^{t+1}}{\lambda_i^t}, \tag{5}$$

where $b$ is the redundant level gain, which can be predefined. The cost of $OP_i$ offering resources to others is proportional to $\gamma_i^t$. Thus, the utility function of $OP_i$ can be expressed as

$$u_i^t = w_i \log(1 + \rho_i^t x_i^t) - \gamma_i^t x_i^t. \tag{6}$$

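Next, to obtain the optimal solution, we analyze the characteristic of the utility function. Differentiating $u_i^t$ with respect to $x_i^t$, we get

$$\frac{\partial u_i^t}{\partial x_i^t} = \frac{w_i \rho_i^t}{(1 + \rho_i^t x_i^t)\ln 2} - \gamma_i^t,$$

$$\frac{\partial^2 u_i^t}{\partial (x_i^t)^2} = -\frac{w_i (\rho_i^t)^2}{(1 + \rho_i^t x_i^t)^2 \ln 2} < 0.$$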

The utility function is concave, so we can obtain its maximal value by setting $\frac{\partial u_i^t}{\partial x_i^t} = 0$. Thus, the optimal amount of idle pseudonyms offered to others (denoted as $x_i^{t*}$) is expressed as

$$x_i^{t*} = \frac{w_i}{\gamma_i^t \ln 2} - \frac{1}{\rho_i^t}. \tag{7}$$

For the sake of fairness, $x_i^{t*}$ is constrained by $r(OP_i)$ as follows,

$$x_i^{t*} = \min\left(r(OP_i),\ \frac{w_i}{\gamma_i^t \ln 2} - \frac{1}{\rho_i^t}\right). \tag{8}$$
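The cost matrix of Section V and Eqs. (1), (3), (4), (5) and (8) carried through in Python, as an added example that is not code from the paper. The four-pool graph, the residual amounts and all function names are constructed for illustration; l = 1 unit/km, θ = 100 units/minute and [k, a, b] = [100, 1, 0.5] are the values used in the paper's evaluation. The log in Eq. (2) is taken as base 2 (hence the ln 2 in Eq. (7)), and a pool without surplus is assumed to offer nothing.

```python
import heapq
import math


def shortest_costs(adj, src):
    """Dijkstra from src over a dict-of-dicts adjacency map of link costs."""
    dist = {v: math.inf for v in adj}
    dist[src] = 0
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale queue entry
        for v, c in adj[u].items():
            if d + c < dist[v]:
                dist[v] = d + c
                heapq.heappush(heap, (d + c, v))
    return dist


def cost_matrix(links_km, loss_per_km):
    """Inter-pool minimum communication cost matrix M, edge weight c = l * d."""
    adj = {}
    for (u, v), d in links_km.items():
        adj.setdefault(u, {})[v] = loss_per_km * d
        adj.setdefault(v, {})[u] = loss_per_km * d
    return {u: shortest_costs(adj, u) for u in adj}


def willingness(M, pool, k):
    """Eq. (3): w_i = k / sum_{j != i} m(P_i, P_j)."""
    return k / sum(c for other, c in M[pool].items() if other != pool)


def optimal_offer(w, R, theta, lam, lam_next, T, a, b):
    """Eq. (8): pseudonyms an OP offers, capped by its surplus from Eq. (1)."""
    surplus = R + theta * T - lam * T          # sign decides OP (>0) or RP
    if surplus <= 0:
        return 0.0                             # assumption: an RP offers nothing
    rho = a * (R + theta * T) / (lam * T)      # Eq. (4), redundant level
    gamma = b * lam_next / lam                 # Eq. (5), next-period demand level
    x_unconstrained = w / (gamma * math.log(2)) - 1 / rho   # Eq. (7)
    return max(0.0, min(surplus, x_unconstrained))          # x >= 0 and Eq. (8)


# Constructed topology: direct link lengths in km between four pools.
LINKS_KM = {("P1", "P2"): 3, ("P2", "P3"): 4, ("P1", "P3"): 9, ("P3", "P4"): 2}
M = cost_matrix(LINKS_KM, loss_per_km=1)
K_CONST, A_GAIN, B_GAIN = 100, 1, 0.5
T_MIN = 60  # one-hour observation period, rates in units per minute

if __name__ == "__main__":
    w2 = willingness(M, "P2", K_CONST)
    steady = optimal_offer(w2, 5000, 100, 150, 150, T_MIN, A_GAIN, B_GAIN)
    rising = optimal_offer(w2, 5000, 100, 150, 300, T_MIN, A_GAIN, B_GAIN)
    print(f"w(P2)={w2:.3f}  offer, steady demand={steady:.2f}  rising demand={rising:.2f}")
```

Doubling the predicted consumption rate doubles γ and roughly halves the offer, which is the effect of b that the paper reports in Fig. 10(c).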

B. TWO-SIDED MATCHING AMONG PSEUDONYM POOLS

After calculating the optimal number of idle pseudonyms provided by the OPs, a global controller in the central cloud decides how to allocate these pseudonyms to the RPs. The OPs transfer their idle pseudonyms to appropriate RPs for less cost of the inter-pool communications. Deciding how to match an optimal RP for every OP is a matching problem between the RPs and the OPs, which aims at decreasing the system overhead due to the cost of inter-pool communications.

We use a simple and efficient two-sided matching theory based on the Gale-Shapley algorithm to solve the problem of optimal pseudonym resource allocation [36]. RPs, as the inviters, will propose to the invitees OPs according to their own preference lists (denoted as $PL(P_i)$). The PL is generated and stored according to communication cost of different pseudonym pools. In the preference list of $RP_i$, $OP_j$ is arranged in the $\phi_j^i$-th order. Conversely, in the preference list of $OP_j$, $RP_i$ is arranged in the $\varphi_i^j$-th order. The preference lists are described as follows:

$$OP_j = PL(RP_i, \phi_j^i), \qquad RP_i = PL(OP_j, \varphi_i^j). \tag{9}$$

We take a pseudonym pool network consisting of two OPs and three RPs as an example. The preference lists of OPs and RPs are given as follows.

OP1 : {RP2,RP1,RP3};

OP2 : {RP2,RP1,RP3};

RP1 : {OP2,OP1};

RP2 : {OP2,OP1};

RP3 : {OP1,OP2}.

For simplicity, we assume that every RP demands an equal amount of pseudonyms and that the redundant pseudonym resource of every OP can satisfy only one RP. In the first round of the matching procedure, every RP proposes to its favorite OP according to its preference list. In the first-round result, every OP chooses its favorite among the existing inviters according to its preference list. More details are shown as follows.

1st round procedure    1st round result
RP1 → OP2              RP1 →
RP2 → OP2              RP2 ↔ OP2
RP3 → OP1              RP3 ↔ OP1

OP1 chooses to match with RP3 temporarily because RP3 is the only inviter for OP1 in the first round. OP2 chooses to match with RP2 because RP2 is prior to RP1 in the preference list of OP2. Then RP1 has to choose the next OP in its preference list in the next round. Similarly, the second round procedure and result are listed as

2nd round procedure    2nd round result
RP1 → OP1              RP1 ↔ OP1
RP2 ↔ OP2              RP2 ↔ OP2
RP3 ↔ OP1              RP3 →

After being rejected by OP2, RP1 proposes to OP1 in the second round. Due to the priority of RP1, OP1 prefers to break the previous matching result with RP3 and accepts the invitation from RP1. As a result, RP3 has to stay alone in this round. Although RP3 tries to propose to OP2 subsequently, the result in the second round is stable because neither OP1 nor OP2 wants to change its current inviter. Thus, two stable matches between RP1, RP2, RP3 and OP1, OP2 are formed and satisfy the requirement of the two-sided matching. According to the above example, to decrease the system overhead due to the cost of inter-pool communications, the matching problem between RPs and OPs can be solved as a two-sided matching problem.

We use a binary variable, $\mu(RP_i, OP_j)$, to denote the final matching result. When the binary value is 1, it means that the pseudonym pools are matched. There may exist many rounds during the process of two-sided matching. Every matching round includes the following three stages.

1) STAGE 1

The inviters propose to the invitees. RPs request pseudonym resource and send queries to the first OP in their preference lists. Every OP that acts as the invitee selects the best partner according to its own preference list. When multiple RPs propose to the same OP, the OP selects the best RP from the proposers. If an RP is rejected by any OP, the RP will propose to the next OP in the RP's preference list until it is accepted or is rejected by all the OPs in its preference list.

Theorem 1: $\mu(RP_i, OP_j) = 1$ will exist if and only if

$$\sum_{s=1}^{\phi_j^i} \mu(RP_i, PL(RP_i, s)) + \sum_{s=1}^{\varphi_i^j} \mu(PL(OP_j, s), OP_j) = 0.$$

Proof: $RP_i$ proposes to $OP_j$, which means that $RP_i$ has already been rejected by those OPs whose orders are prior to $\phi_j^i$. The rejections are expressed by $\sum_{s=1}^{\phi_j^i} \mu(RP_i, PL(RP_i, s)) = 0$. $OP_j$ accepts $RP_i$ only if $OP_j$ has no better proposer than $RP_i$, which implies $\sum_{s=1}^{\varphi_i^j} \mu(PL(OP_j, s), OP_j) = 0$. This means that $RP_i$ has been rejected by those OPs that are better than $OP_j$ in its preference list. So $OP_j$ is the best choice of $RP_i$ at that time. Conversely, for $OP_j$, the acceptance of $RP_i$ is done because there is no better inviter than $RP_i$. Then, $\mu(RP_i, OP_j) = 1$ will exist if and only if both $RP_i$ and $OP_j$ have been matched with their own best partner. In summary, the final outcome of matching is the optimal two-sided result, because both inviters and invitees have been matched with their own best partner. The matching result is stable since both the inviters and the invitees have no better choice [36].

2) STAGE 2

OPs decide the amount of transmitted pseudonym resource. If $\mu(RP_i, OP_j) = 1$, the amount of pseudonym resource transmission between $RP_i$ and $OP_j$ (denoted as $t(RP_i, OP_j)$) depends on $m(RP_i, OP_j)$, $x(OP_j)$ and $r(RP_i)$. For decreasing transmission cost, the amount of transmitted pseudonym resource is given by,

$$t(RP_i, OP_j) = \begin{cases} r(RP_i) + m(RP_i, OP_j), & r(RP_i) + m(RP_i, OP_j) < x(OP_j); \\ x(OP_j), & m(RP_i, OP_j) < x(OP_j) \le r(RP_i) + m(RP_i, OP_j); \\ 0, & x(OP_j) \le m(RP_i, OP_j). \end{cases} \tag{10}$$

The actual amount of pseudonym resource received by $RP_i$ is equal to $\min(t(RP_i, OP_j) - m(RP_i, OP_j), 0)$.

3) STAGE 3

Updating the members of inviters and invitees. If $\mu(RP_i, OP_j) = 1$ and $RP_i$ obtains enough pseudonym resource, which satisfies $\min(t(RP_i, OP_j) - m(RP_i, OP_j), 0) = r(RP_i)$, $RP_i$ will split from the set of RPs. Otherwise, $RP_i$ will update its resource status information as follows,

$$r(RP_i) = r(RP_i) - \min(t(RP_i, OP_j) - m(RP_i, OP_j), 0), \tag{11}$$

and then joins the next matching round. Thus, a new set of RPs occurs. $OP_j$ will update the status information after offering pseudonym resource to $RP_i$, as

$$r(OP_j) = r(OP_j) - t(RP_i, OP_j). \tag{12}$$

If $OP_j$ cannot offer enough pseudonyms for any RP in the next round, which satisfies $x(OP_j) \le \min(m(RP, OP_j))$, it will split from the set of OPs. Otherwise, it still stays in OPs. When the set of RPs or OPs is empty, the matching process ends.
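The two-OP, three-RP example and the three stages above, run end to end in Python as an added example that is not code from the paper. The cost values, demands and offers are constructed (the costs are chosen so that ranking by cost reproduces the preference lists given in the example), and all function names are hypothetical. Three assumptions: the amount an RP receives is read as the non-negative part of t − m, an OP's remaining offer shrinks by t after each transfer, and scheduling stops if a pass transfers nothing.

```python
def preference_lists(cost, rps, ops):
    """Each side ranks the other by ascending inter-pool cost m(RP, OP)."""
    rp_pl = {r: sorted(ops, key=lambda o: cost[r, o]) for r in rps}
    op_pl = {o: sorted(rps, key=lambda r: cost[r, o]) for o in ops}
    return rp_pl, op_pl


def deferred_acceptance(rp_pl, op_pl):
    """Stage 1: RP-proposing Gale-Shapley with one RP per OP.

    Returns (matching RP -> OP, list of per-round snapshots OP -> RP)."""
    rank = {o: {r: n for n, r in enumerate(pl)} for o, pl in op_pl.items()}
    nxt = {r: 0 for r in rp_pl}        # next position each RP will propose to
    held = {}                          # OP -> RP it currently accepts
    rounds = []
    while True:
        proposals = {}
        for r, pl in rp_pl.items():
            if r in held.values() or nxt[r] >= len(pl):
                continue               # already accepted, or rejected by all OPs
            proposals.setdefault(pl[nxt[r]], []).append(r)
            nxt[r] += 1
        if not proposals:
            break
        for o, proposers in proposals.items():
            if o in held:
                proposers = proposers + [held[o]]   # current partner competes too
            held[o] = min(proposers, key=rank[o].__getitem__)
        rounds.append(dict(held))
    return {r: o for o, r in held.items()}, rounds


def transfer_amount(r, m, x):
    """Stage 2, Eq. (10): amount the OP sends for demand r, loss m, offer x."""
    if r + m < x:
        return r + m
    if m < x:                          # m < x <= r + m
        return x
    return 0                           # the offer would be lost in transit


def schedule(cost, demand, offer):
    """Repeat stages 1-3 until RPs or OPs run out. Returns (plan, unmet demand)."""
    demand, offer, plan = dict(demand), dict(offer), []
    while demand and offer:
        matching, _ = deferred_acceptance(
            *preference_lists(cost, list(demand), list(offer)))
        progressed = False
        for rp, op in matching.items():
            m = cost[rp, op]
            t = transfer_amount(demand[rp], m, offer[op])
            if t == 0:
                continue
            got = max(t - m, 0)        # assumption: received = sent minus loss
            plan.append((op, rp, t, got))
            demand[rp] -= got          # Eq. (11)
            offer[op] -= t             # Eq. (12), applied to the remaining offer
            progressed = True
        # Stage 3: satisfied RPs leave; OPs whose offer cannot reach any RP leave.
        demand = {rp: r for rp, r in demand.items() if r > 0}
        offer = {op: x for op, x in offer.items()
                 if any(x > cost[rp, op] for rp in demand)}
        if not progressed:
            break                      # guard added for this example
    return plan, demand


# Constructed inputs: m(RP, OP) in loss units, demands and offers in pseudonyms.
RPS, OPS = ["RP1", "RP2", "RP3"], ["OP1", "OP2"]
COST = {("RP1", "OP1"): 4, ("RP1", "OP2"): 3, ("RP2", "OP1"): 2,
        ("RP2", "OP2"): 1, ("RP3", "OP1"): 5, ("RP3", "OP2"): 6}
DEMAND = {"RP1": 50, "RP2": 50, "RP3": 50}
OFFER = {"OP1": 80, "OP2": 51}

if __name__ == "__main__":
    pairs, trace = deferred_acceptance(*preference_lists(COST, RPS, OPS))
    print("rounds:", trace)
    print("stable matching:", pairs)
    print("plan, unmet:", schedule(COST, DEMAND, OFFER))
```

With these inputs OP1 still has 26 pseudonyms left after serving RP1, so a second pass matches it with RP3, which was left unmatched in the first pass.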

C. PSEUDONYM-FLOW TABLE

The optimal pseudonym allocation strategy can be performed in terms of designing a detailed pseudonym-flow table for every OpenFlow switch. For a local cloud, it first satisfies the local pseudonym demands and then transfers redundant pseudonyms to others. The local clouds transfer pseudonyms to local vehicles or other local clouds in a batch. For instance, several pseudonyms are generated in $OP_i$ and packaged together in time slot $t$. We denote this pseudonym package as $p_i^t$. According to the optimal pseudonym resource allocation strategy, $OP_i$ should transfer $t_{i,j}$ (the number of pseudonym packages) to $RP_j$ ($j = 1, 2, 3, \ldots, N$). If there exists a local pseudonym request at this time, $p_i^t$ will be delivered to the local requester, otherwise it will be transferred to RPs or be stored in local pseudonym pool when $\sum t_{i,j} = 0$. Following this principle, a detailed pseudonym-flow table of $OP_i$ can be designed according to Algorithm 1.

VII. NUMERICAL RESULTS

In this section, we evaluate the performance of the proposed pseudonym resource scheme in an actual urban area of San Francisco. The latitude is from 37.73619 to 37.81505, and the longitude is from -122.51431 to -122.36731.

Algorithm 1 Pseudonym Distribution Algorithm
// An element denoted as A[j] in an array A[N] indicates how many pseudonym packets OP_i has transferred to RP_{j+1}.
Initialize an array A[N] = 0 and j = 0.
while t ∈ T do
    Generate a pseudonym package, p_i^t.
    if there is a local pseudonym request then
        Deliver p_i^t to the local requester.
    else
        Initialize Flag ← 0.
        while Σ_{k=0}^{N−1} A[k] < Σ_{k=1}^{N} t_{i,k} AND Flag do
            while j < N AND Flag do
                if A[j] < t_{i,j+1} then
                    Transfer p_i^t to RP_{j+1}.
                    A[j] ← A[j] + 1
                    Next RP, j ← j + 1
                    if j == N then
                        Initialize again, j ← 0
                    end if
                end if
            end while
        end while
        if Σ_{k=0}^{N−1} A[k] == Σ_{k=1}^{N} t_{i,k} then
            Store p_i^t locally.
        end if
    end if
    Next time slot, t ← t + 1
end while

FIGURE 4. The connection of pseudonym pools in the real map of San Francisco.

As shown in Fig. 4, the observed area is approximately 11.03 × 7.6 km², which is divided into 8 grids (local clouds) according to the spatial distribution of vehicle hotspots in Fig. 5 [37]. The coverage of each local cloud is about 11 km². In an urban area, the vehicles often take familiar routes in a specified time period, such as similar trajectories from home to work in the day time [38]. We also deploy 8 pseudonym pools in the observed area shown in Fig. 4, whose locations are restricted by the geographical conditions and the traffic load of each local cloud. The pseudonym pools 1, 2, 3 and 4 are deployed in the commercial areas, and the pseudonym pools 5, 6, 7 and 8 belong to the residential areas. This deployment strategy of local clouds follows the spatio-temporal distributions of the vehicles.

FIGURE 5. Spatial distribution of vehicle hotspots.

In this paper, we use the OpenFlow protocol to deploy the SDN [16]. Every pseudonym pool connects with an OpenFlow switch, which is responsible for forwarding the pseudonym flow. A global OpenFlow controller is deployed at a remote cloud, which acts as the central cloud. There exists a data center in the central cloud, which collects global real-time status information of the network. The OpenFlow controller can access the global information for predictions, analyses and decisions. According to pseudonym-flow rules designed by the OpenFlow controller, pseudonym resource is scheduled among the pseudonym pools.

The pseudonym pools communicate with each other through wired communication technologies. For simplicity, the transmission cost of pseudonyms (i.e., package dropout rate) is set to 1 unit/km and the generating rate of each pseudonym pool can be equal, denoted by θ [14]. According to the vehicular statistic data in [37], we assume that the pseudonym consuming process of each pseudonym pool follows a Poisson process whose mean value ranges from 100 to 400 units per minute over an observation time period (i.e., 1 hour).

Actually, the wired connections among the pseudonym pools are restricted by geographical conditions. For example, pseudonym pool 7 is screened on three sides by three hills. It cannot directly connect to pseudonym pool 4, 6 and 8 since there are some geographical obstructions, such as hills and lakes. The network construction expense is too high to establish communication links across the hills. Therefore pseudonym pool 7 only establishes network connectivity with pseudonym pool 1 to decrease the network construction expense. The nearby pseudonym pools without geographical obstructions are directly connected with each other. Some pseudonym pools that are far away from others can also connect with each other through multi-hop transmission, e.g., pseudonym pools 2 and 6.

A. PERFORMANCE COMPARISON OF DIFFERENT APPROACHES

To further analyze the performance of our proposed approach, we consider a typical scenario of unbalanced demands of pseudonyms among pseudonym pools. The pseudonym pools are divided into two sides: four pseudonym pools receiving pseudonyms from OPs (denoted as $RP = \{P_1, P_2, P_3, P_4\}$) and four pseudonym pools that offer pseudonyms to others (denoted as $OP = \{P_5, P_6, P_7, P_8\}$). The pseudonym generating rate of each pseudonym pool is 100 units/minute. During the observation period of 1 hour, the pseudonym consuming rates of the RPs range from 300 to 400 units/minute, which indicates that the RPs are busy, while the pseudonym consuming rates of the OPs range from 100 to 200 units/minute, which indicates that the OPs are idle.

The pseudonym pools cooperate to share idle pseudonyms using two-sided matching theory. During the observation time, the probability of vehicles obtaining pseudonyms from a pseudonym pool is expressed by $PO_i = \min\left(1 - \frac{R_i^t + \theta_i T}{\lambda_i^t T},\ 1\right)$. Fig. 6 shows the performance comparison of different approaches with respect to the probability of vehicles obtaining pseudonyms from pseudonym pools. From this figure, OPs are always able to satisfy the demands of the vehicles during observation time. It means that idle pseudonym resource sharing has no influence on the performance of OPs since the OPs have enough pseudonyms to satisfy pseudonym demands of local vehicles. Moreover, RPs are able to improve $PO_i$ through obtaining some pseudonyms from OPs with the help of pseudonym-sharing. As a result, the performance of the whole network is improved when the pseudonym pools cooperate with each other. The average value of probability in our proposed approach is about 28% higher than that without pseudonym-cooperation. Similar improvement can be observed in Fig. 7, where the performance index is the total number of served vehicles. The average value of the total number of served vehicles with our proposed scheme is 40% higher than that without cooperation scheme.

FIGURE 6. The performance comparison with respect to the probability of obtaining pseudonyms from pseudonym pool.

FIGURE 7. The performance comparison of the total number of served vehicles.

Generally, the level of location privacy is quantified as the uncertainty of the information related to a specific vehicle. Here, the uncertainty is described by privacy entropy $H$. The maximum $H$ of a local cloud is given by $H_m = \log_2(|S|)$ [39]. Here, $|S|$ represents the total number of served vehicles, which can obtain the needed pseudonyms. Fig. 8 shows that the improvement of the average entropy of vehicles with cooperation is influenced by the pseudonym generating rate θ. When the generating rate of pseudonyms is 50 units/minute, the maximum improved entropy is 12% in our scheme. This emphasizes the importance of pseudonym-cooperation among pseudonym pools to improve the privacy entropy of vehicles when the pseudonym-generating rate is low. As the generating rate of the pseudonym pools increases, the change of average entropy is not obvious. It is because most of the pseudonym pools can gradually satisfy the vehicles' demands by themselves.

FIGURE 8. The performance comparison of different approaches with respect to privacy entropy.

Fig. 9 compares the system overhead of our proposed scheme with that of the existing scheme [14]. One of the existing schemes only schedules pseudonym resource among nearby local clouds, which is called the Nearby Pseudonym Pools Matching (NPPM) scheme in this paper. Fig. 9 shows that our proposed scheme has less system overhead than the NPPM scheme. It is because pseudonym resource in our scheme is scheduled in a globally optimal way. In our scheme, the two-sided matching theory is utilized to decrease system overhead due to the cost of inter-pool communications, while the NPPM scheme can only schedule a part of pseudonym resource among the nearby pseudonym pools, which generally takes more pseudonym-scheduling times to satisfy pseudonym demand. Especially, when θ decreases, the number of pseudonym-scheduling times increases, leading to bigger system overhead.

FIGURE 9. The performance comparison of different approaches with respect to system overhead.

B. IMPACTS OF DIFFERENT SYSTEM PARAMETERS

Fig. 10 shows the total amount of pseudonyms offered by OPs with respect to different system parameters. Here, we set the system parameters as $[k, a, b] = [100, 1, 0.5]$. The total amount of pseudonyms offered by OPs increases when the generating rate of pseudonyms θ increases. The figure shows that OPs can offer more idle pseudonyms when they generate more pseudonyms. The amount of offered pseudonyms is influenced by the following predefined parameters: $k$, $a$, $b$ and θ. Fig. 10(a) shows that a higher value of the willingness constant ($k$) brings more pseudonyms offered by OPs when other system parameters are fixed. Fig. 10(b) shows that when the redundant level constant ($a$) increases, the total amount of offered pseudonyms also increases. But Fig. 10(c) shows that the total amount of pseudonyms offered by OPs decreases when OPs pay much more attention to the predicted demand level ($b$) of the next time period. In summary, the system parameters θ, $k$ and $a$ are beneficial to increasing the total amount of pseudonyms offered by OPs, while the pseudonym demand of the next time period has a negative influence on the total amount of offered pseudonyms. When the pseudonym-generation rate is high, the OPs are willing to share their idle pseudonyms with others. Otherwise, the OPs are not willing to share pseudonyms even if $k$ and $a$ are higher. Apparently, the OPs should first satisfy their own demand of pseudonyms, and then consider helping others.

FIGURE 10. Performance comparison of the total amount of pseudonyms offered by OPs with respect to different k, a and b. (a) Different values of willingness constant (k). (b) Different values of redundant level constant (a). (c) Different values of demand level constant (b).

VIII. CONCLUSIONS

In this paper, we have proposed a software-defined pseudonym system, which exploits SDN technology to schedule and manage the pseudonyms among distributed pseudonym pools. We have designed a hierarchical architecture of SDPS for scheduling pseudonym resource from a global perspective. To decrease the system overheads due to the cost of inter-pool communications, we adopted a two-sided matching theory to formulate and solve the matching problem among the pseudonym pools. Through extensive numerical results, we have illustrated that SDPS is efficient in improving pseudonym-utilization, and that it also effectively strengthens the location privacy of the vehicles.

REFERENCES

[1] S. Xie and Y. Wang, "Construction of tree network with limited delivery latency in homogeneous wireless sensor networks," Wireless Pers. Commun., vol. 78, no. 1, pp. 231–246, 2014.

[2] J. Shen, H. Tan, J. Wang, J. Wang, and S. Lee, "A novel routing protocol providing good transmission reliability in underwater sensor networks," J. Internet Technol., vol. 16, no. 1, pp. 171–178, 2015.

[3] Y. Ren, J. Shen, J. Wang, J. Han, and S. Lee, "Mutual verifiable provable data auditing in public cloud storage," J. Internet Technol., vol. 16, no. 2, pp. 317–323, 2015.

[4] M. Gerla, E.-K. Lee, G. Pau, and U. Lee, "Internet of vehicles: From intelligent grid to autonomous cars and vehicular clouds," in Proc. IEEE World Forum Internet Things (WF-IoT), Mar. 2014, pp. 241–246.

[5] X. Jiang, X. Cao, and D. H. C. Du, "Multihop transmission and retransmission measurement of real-time video streaming over DSRC devices," in Proc. IEEE 15th Int. Symp. World Wireless, Mobile Multimedia Netw. (WoWMoM), Jun. 2014, pp. 1–9.

[6] J. Li, X. Li, B. Yang, and X. Sun, "Segmentation-based image copy-move forgery detection scheme," IEEE Trans. Inf. Forensics Security, vol. 10, no. 3, pp. 507–518, Mar. 2015.

[7] B. Gu, V. S. Sheng, K. Y. Tay, W. Romano, and S. Li, "Incremental support vector learning for ordinal regression," IEEE Trans. Neural Netw. Learn. Syst., vol. 26, no. 7, pp. 1403–1416, Jul. 2015.

[8] Z. Pan, Y. Zhang, and S. Kwong, "Efficient motion and disparity estimation optimization for low complexity multiview video coding," IEEE Trans. Broadcast., vol. 61, no. 2, pp. 166–176, Jun. 2015.

[9] T. Ma et al., "Social network and tag sources based augmenting collaborative recommender system," IEICE Trans. Inf. Syst., vol. E98-D, no. 4, pp. 902–910, 2015.

[10] Z. Fu, X. Sun, Q. Liu, L. Zhou, and J. Shu, "Achieving efficient cloud search services: Multi-keyword ranked search over encrypted cloud data supporting parallel computing," IEICE Trans. Commun., vol. 98, no. 1, pp. 190–200, 2015.

[11] R. Yu, Y. Zhang, S. Gjessing, W. Xia, and K. Yang, "Toward cloud-based vehicular networks with efficient resource management," IEEE Netw., vol. 27, no. 5, pp. 48–55, Sep./Oct. 2013.

[12] Z. Xia, X. Wang, X. Sun, and Q. Wang, "A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data," IEEE Trans. Parallel Distrib. Syst., vol. 27, no. 2, pp. 340–352, Feb. 2016.

[13] P. Guo, J. Wang, X. H. Geng, C. S. Kim, and J.-U. Kim, "A variable threshold-value authentication architecture for wireless mesh networks," J. Internet Technol., vol. 15, no. 6, pp. 929–936, 2014.


[14] J. Petit, F. Schaub, M. Feiri, and F. Kargl, "Pseudonym schemes in vehicular networks: A survey," IEEE Commun. Surveys Tuts., vol. 17, no. 1, pp. 228–255, Mar. 2015.

[15] Y. Park, C. Sur, and K.-H. Rhee, "Pseudonymous authentication for secure V2I services in cloud-based vehicular networks," J. Ambient Intell. Humanized Comput., pp. 1–11, Jul. 2015, doi: 10.1007/s12652-015-0309-4.

[16] D. Kreutz, F. Ramos, P. E. Veríssimo, C. E. Rothenberg, S. Azodolmolky, and S. Uhlig, "Software-defined networking: A comprehensive survey," Proc. IEEE, vol. 103, no. 1, pp. 14–76, Jan. 2015.

[17] E. Lee, E.-K. Lee, M. Gerla, and S. Y. Oh, "Vehicular cloud networking: Architecture and design principles," IEEE Commun. Mag., vol. 52, no. 2, pp. 148–155, Feb. 2014.

[18] S. Bitam, A. Mellouk, and S. Zeadally, "VANET-cloud: A generic cloud computing model for vehicular ad hoc networks," IEEE Wireless Commun., vol. 22, no. 1, pp. 96–102, Feb. 2015.

[19] X. Jiang and D. H. C. Du, "BUS-VANET: A BUS vehicular network integrated with traffic infrastructure," IEEE Intell. Transp. Syst. Mag., vol. 7, no. 2, pp. 47–57, Apr. 2015.

[20] K. Zheng, H. Meng, P. Chatzimisios, L. Lei, and X. Shen, "An SMDP-based resource allocation in vehicular cloud computing systems," IEEE Trans. Ind. Electron., vol. 62, no. 12, pp. 7920–7928, Dec. 2015.

[21] M. A. Salahuddin, A. Al-Fuqaha, and M. Guizani, "Software-defined networking for RSU clouds in support of the Internet of vehicles," IEEE Internet Things J., vol. 2, no. 2, pp. 133–144, Apr. 2015.

[22] J. Ding, R. Yu, Y. Zhang, S. Gjessing, and D. H. K. Tsang, "Service provider competition and cooperation in cloud-based software defined wireless networks," IEEE Commun. Mag., vol. 53, no. 11, pp. 134–140, Nov. 2015.

[23] J. Chase, R. Kaewpuang, W. Yonggang, and D. Niyato, "Joint virtual machine and bandwidth allocation in software defined network (SDN) and cloud computing environments," in Proc. IEEE Int. Conf. Commun. (ICC), Jun. 2014, pp. 2969–2974.

[24] A. V. Akella and K. Xiong, "Quality of service (QoS)-guaranteed network resource allocation via software defined networking (SDN)," in Proc. IEEE 12th Int. Conf. Dependable, Autonomic Secure Comput. (DASC), Aug. 2014, pp. 7–13.

[25] M. Zhu, J. Cao, D. Pang, Z. He, and M. Xu, "SDN-based routing for efficient message propagation in VANET," Wireless Algorithms, Syst., Appl., pp. 788–797, 2015, Springer.

[26] R. Yu, J. Ding, X. Huang, M.-T. Zhou, S. Gjessing, and Y. Zhang, "Optimal resource sharing in 5G-enabled vehicular networks: A matrix game approach," IEEE Trans. Veh. Technol., to be published.

[27] M. Raya and J.-P. Hubaux, "Securing vehicular ad hoc networks," J. Comput. Secur., vol. 15, no. 1, pp. 39–68, 2007.

[28] Y. Sun, Z. Feng, Q. Hu, and J. Su, "An efficient distributed key management scheme for group-signature based anonymous authentication in VANET," Secur. Commun. Netw., vol. 5, no. 1, pp. 79–86, Jan. 2012.

[29] U. S. Census Bureau. TIGER, TIGER/Line and TIGER-Related Products. (2016). [Online]. Available: http://www.census.gov/geo/www/tiger/

[30] Y. Sun, X. Lin, R. Lu, X. Shen, and J. Su, "Roadside units deployment for efficient short-time certificate updating in VANETs," in Proc. IEEE Int. Conf. Commun. (ICC), May 2010, pp. 1–5.

[31] K. Singh, P. Saini, S. Rani, and A. K. Singh, "Authentication and privacy preserving message transfer scheme for vehicular ad hoc networks (VANETs)," in Proc. 12th ACM Int. Conf. Comput. Frontiers (CF), New York, NY, USA, 2015, pp. 58:1–58:7.

[32] D. Huang, S. Misra, M. Verma, and G. Xue, "PACP: An efficient pseudonymous authentication-based conditional privacy protocol for VANETs," IEEE Trans. Intell. Transp. Syst., vol. 12, no. 3, pp. 736–746, Sep. 2011.

[33] H. Kim and N. Feamster, "Improving network management with software defined networking," IEEE Commun. Mag., vol. 51, no. 2, pp. 114–119, Feb. 2013.

[34] G. Baltoglou, E. Karapistoli, and P. Chatzimisios, "IPTV QoS and QoE measurements in wired and wireless networks," in Proc. IEEE Global Commun. Conf. (GLOBECOM), Dec. 2012, pp. 1757–1762.

[35] G. Sabidussi, "The centrality index of a graph," Psychometrika, vol. 31, no. 4, pp. 581–603, Dec. 1966.

[36] D. Gale and L. S. Shapley, "College admissions and the stability of marriage," Amer. Math. Monthly, vol. 69, no. 1, pp. 9–15, Jan. 1962.

[37] M. A. Hoque, X. Hong, and B. Dixon, "Analysis of mobility patterns for urban taxi cabs," in Proc. Int. Conf. Comput., Netw. Commun. (ICNC), Jan./Feb. 2012, pp. 756–760.

[38] Y. Li, D. Jin, Z. Wang, P. Hui, L. Zeng, and S. Chen, "A Markov jump process model for urban vehicular mobility: Modeling and applications," IEEE Trans. Mobile Comput., vol. 13, no. 9, pp. 1911–1926, Sep. 2014.

[39] K. Sampigethaya, M. Li, L. Huang, and R. Poovendran, "AMOEBA: Robust location privacy scheme for VANET," IEEE J. Sel. Areas Commun., vol. 25, no. 8, pp. 1569–1589, Oct. 2007.

XUMIN HUANG is currently pursuing the Ph.D. degree in networked control systems with the Guangdong University of Technology, China. His research interests mainly focus on network performance analysis, simulation, and enhancement in wireless communications and networking.

RONG YU (S'05–M'08) received the Ph.D. degree from Tsinghua University, China, in 2007. He is currently a Full Professor with the Guangdong University of Technology. His research interest mainly focuses on wireless communications and networking, including cognitive radio, wireless sensor networks, and home networking. He is the co-inventor of over ten patents and has authored or co-authored over 70 international journal and conference papers. He is currently serving as the Deputy Secretary General of the Internet of Things (IoT) Industry Alliance, Guangdong, China, and the Deputy Head of the IoT Engineering Center, Guangdong. He is a member of the Home Networking Standard Committee in China, where he leads the standardization work of three standards.

JIAWEN KANG received the M.S. degree from the Guangdong University of Technology, China, in 2015, where he is currently pursuing the Ph.D. degree. His research interests mainly focus on resource management, security, and privacy protection in wireless communications and networking. He has authored or co-authored 15 papers in journals, magazines, and proceedings of international conferences.

NING WANG (M'12) received the M.E. degree in electronics engineering from Nanyang University, Singapore, in 2000, and the Ph.D. degree in electronics engineering from the University of Surrey, Guildford, U.K., in 2004. Since 2009, he has been the Principal Investigator for several EU and U.K. research grants in the areas of future Internet design, and network management and control. He is currently a Reader with the Institute for Communication Systems, University of Surrey. His current research interests include information-centric networking, network resource management and optimization, and smart grid communications.


SABITA MAHARJAN (M’09) received the M.E. degree from the Antenna and Propagation Laboratory, Tokyo Institute of Technology, Tokyo, Japan, in 2008, and the Ph.D. degree in networks and distributed systems from the Simula Research Laboratory and the University of Oslo, Norway, in 2013. She is currently a Post-Doctoral Fellow with the Simula Research Laboratory, Fornebu, Norway. Her research interests include wireless networks, network security and resilience, smart grid communications, cyber-physical systems, machine-to-machine communications, and software defined wireless networking.

YAN ZHANG (SM’10) is currently the Head of the Department of Networks with the Simula Research Laboratory, Norway, and an Associate Professor (part-time) with the Department of Informatics, University of Oslo, Norway. He received the Ph.D. degree from the School of Electrical and Electronics Engineering, Nanyang Technological University, Singapore. He is an Associate Editor or on the Editorial Board of a number of well-established scientific international journals, e.g., Wiley Wireless Communications and Mobile Computing. He also serves as the Guest Editor of the IEEE TRANSACTIONS ON SMART GRID, the IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, the IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS, the IEEE Communications Magazine, IEEE Wireless Communications, the IEEE Network, the IEEE Systems, and the IEEE Internet of Things. He serves in chair positions in a number of conferences, including the IEEE PIMRC 2016, the IEEE Cloudcom 2016/2015, the IEEE CCNC 2016, the IEEE ICCC 2016, WICON 2016, and the IEEE SmartGridComm 2015. He serves as a TPC Member for numerous international conferences, including the IEEE INFOCOM, the IEEE ICC, the IEEE GLOBECOM, and the IEEE WCNC. His current research interests include wireless networks and reliable and secure cyber-physical systems (e.g., smart grid, transport, and healthcare). He has received eight Best Paper Awards. He is a Senior Member of the IEEE ComSoc, the IEEE VT Society, the IEEE PES, and the IEEE Computer Society. He is a fellow of IET.
